I have an interesting challenge to solve on an old Rails 2.0.2 application (in the process of being updated to Rails 4 but I can't wait that long to solve this problem). The problem is this: we're about to distribute offline content that is meant to ultimately bring the user online to our website. In the transition from offline to online there is a form they fill out offline but that we want to be able to post the data to the online version of the form without the user having to fill the same form out twice. The problem I'm seeing is how to deal with the the Authenticity Token that changes in the online version. Anyone have any suggestions on how we can work around this. I understand the purpose of the Authenticity Token is to prevent what I'm trying to do but can I work around it, for example, by somehow prefilling the online version with the data from the offline version? I don't think I can reproduce a currently working authenticity token/session pair unless I can somehow write the same session_id to a cookie of the online form's domain? Or maybe I have to address it server-side? I was trying to avoid having custom code server-side just for this issue... Thanks ahead of time for any responses.
Rails - Work Around Authenticity Token
293 Views Asked by Craig At
1
There are 1 best solutions below
Related Questions in RUBY-ON-RAILS
- Rails HABTM: Select everything a that a record 'has'
- Best way to make an HABTM association via console
- dynamically create an ical / ics file from a rails model
- Ruby destroy is not working? Or objects still present?
- NoMethodError: undefined method `update_average_rating' for nil:NilClass
- Select results where joined table contains records with an attribute, but without another
- Showing posts only created when boolean was true
- Ruby on rails and HAML - Print a hash with background color
- How can I monitor an endpoint's status with Ruby?
- How to create dynamic pages without form_for helper in Rails?
- Rails 4.2 jQuery loads only after refresh
- "Access Denied" - User's Permissions to S3 Bucket
- ActiveRecord, Rails 4: has_many :through with scoped conditions failure
- Rails - formatting a list of options
- Rails - Ajax do not work properly on production server
Related Questions in TOKEN
- .net Web Api 2 Owin authentication token expires suddenly and often on IIS 8.5
- search with filter by token count
- How to token paste a number?
- Ember.js REST Auth Headers
- django rest framework - token authentication logout
- Is my JWT refresh plan secure?
- PHP token security
- GCM get invalid tokens when sending to multiple devices at once
- Uncaught SyntaxError: Unexpected token < in HTML - can't solve
- TERADATA - How to split a character column and keep the last token?
- Oauth refresh token provider error in ValidateClientAuthentication
- First authentification in order to get token
- does Token Based Authentication requires to store token in DB?
- Play Framework: How to Add a Header to Every Response
- Meteor app deploying with Modulus
Related Questions in AUTHENTICITY
- JWE nimbus-JOSE authenticity and JavaScript counterpart
- IBM Worklight 6.2 Direct Update fails when application authenticity is enabled (iphone IOS 7)
- Secure and authenticate data from server to client
- How to ensure HTTP upload came from authentic executable
- Is there a way to (say, cryptographically) prove, that a specific software code is used in a web service?
- Can a git history be falsified?
- Rails - Work Around Authenticity Token
- Can i prevent an application from being installed in a particluar device in android?
- How to configure a Android Multi Module APP to work with IBM Mobile Foudation Platfom 8.0's AppAuthenticity
- Basic high performance data authenticity
- Does a Message authentication code (MAC) ensure authenticity of the key used?
- Rails Authenticity Token not valid when using a different layout
- Authenticity and Integrity of HTTP Requests
- "Re-enabling" App Authenticity in Mobilefirst 8.0 not working
- IBM MobileFirst: Application Authenticity rejection despite the application's authentic identity?
Trending Questions
- UIImageView Frame Doesn't Reflect Constraints
- Is it possible to use adb commands to click on a view by finding its ID?
- How to create a new web character symbol recognizable by html/javascript?
- Why isn't my CSS3 animation smooth in Google Chrome (but very smooth on other browsers)?
- Heap Gives Page Fault
- Connect ffmpeg to Visual Studio 2008
- Both Object- and ValueAnimator jumps when Duration is set above API LvL 24
- How to avoid default initialization of objects in std::vector?
- second argument of the command line arguments in a format other than char** argv or char* argv[]
- How to improve efficiency of algorithm which generates next lexicographic permutation?
- Navigating to the another actvity app getting crash in android
- How to read the particular message format in android and store in sqlite database?
- Resetting inventory status after order is cancelled
- Efficiently compute powers of X in SSE/AVX
- Insert into an external database using ajax and php : POST 500 (Internal Server Error)
Popular Questions
- How do I undo the most recent local commits in Git?
- How can I remove a specific item from an array in JavaScript?
- How do I delete a Git branch locally and remotely?
- Find all files containing a specific text (string) on Linux?
- How do I revert a Git repository to a previous commit?
- How do I create an HTML button that acts like a link?
- How do I check out a remote Git branch?
- How do I force "git pull" to overwrite local files?
- How do I list all files of a directory?
- How to check whether a string contains a substring in JavaScript?
- How do I redirect to another webpage?
- How can I iterate over rows in a Pandas DataFrame?
- How do I convert a String to an int in Java?
- Does Python have a string 'contains' substring method?
- How do I check if a string contains a specific word?
Instead of POSTing to the online form, GET the online form and prepopulate the fields using a query string.
For example, an offline form with first and last names will, when submitted, perform a GET request like this:
This URL will render a live
newform, complete with a valid CSRF token. Use the query string to populate the input fields. Query string can be accessed viaparams[].This way, your users can submit a live CSRF-tokenized form without having to fill out a second form. At minimum, your users will have to click two submit buttons. You can present the online version of the form as a confirmation step.